-
1. Re: Jaas & Session Bean methods
jarikr Jul 24, 2003 6:24 PM (in response to cenos)Try out to call
ctx.IsUserInRole( "Common" )
in the setX method, with ctx being the session context of the bean. if it is true, you can throw a SecurityException.
regards,
Jari -
2. Re: Jaas & Session Bean methods
cenos Jul 25, 2003 12:03 AM (in response to cenos)I have the roles already defined in ejb-jar.xml for each method. If I put the method sessioncontext.IsCallerInRole for deleteX, the previous role definition in ejb-jar is useless...
Isn't there a way to call again JaasSecurityManager.doesUserHaveRole() in the beginning of each method of my session bean?
and why isn't JaasSecurityManager authenticating the method (deleteX) inside another method (setX)?
What is the 'trigger' to call JaasSecurityManager? -
3. Re: Jaas & Session Bean methods
cenos Jul 28, 2003 6:42 PM (in response to cenos)Well, a workaround to this is to make an instance of the session bean inside of itself and use this to call the methods...
-
4. Re: Jaas & Session Bean methods
sradford Jul 29, 2003 9:39 AM (in response to cenos)Don't you need to go via an interface (local/remote) on the SessionBean to trigger the security manager. Just calling this.deleteX() won't allow the container to intercept the method call to do the security checking...